Adding Business Logic to Terraform

# IAM role whose name, path, description and trust policy are all supplied by
# the caller; the module adds nothing beyond a Name tag.
resource "aws_iam_role" "my_role" {
  name        = var.name
  path        = var.path
  description = var.description

  # Trust policy (JSON). It decides which principals may assume this role and
  # is passed through unchanged, so it has to be reviewed at the call site.
  assume_role_policy = var.assume_role_policy

  tags = {
    Name = var.name
  }
}
# Name of the created role, for callers that need to reference it.
output "name" {
  value = aws_iam_role.my_role.name
}
# Inputs of the role module. None has a default, so every caller must set all four.
variable "name" {
  type        = string
  description = "Name of the IAM role; also used as its Name tag."
}

variable "path" {
  type        = string
  description = "IAM path under which the role is created."
}

variable "description" {
  type        = string
  description = "Free-text description of the role."
}

variable "assume_role_policy" {
  type        = string
  description = "Trust policy document (JSON) naming the principals allowed to assume the role."
}
# The role itself; every attribute comes from the caller.
resource "aws_iam_role" "my_role" {
  name        = var.name
  path        = var.path
  description = var.description

  # Trust policy (JSON) supplied by the caller — it controls who can assume the role.
  assume_role_policy = var.assume_role_policy

  tags = {
    Name = var.name
  }
}
# Attach exactly one managed policy (by ARN) to the role above.
resource "aws_iam_role_policy_attachment" "policy" {
  policy_arn = var.policy_arn
  role       = aws_iam_role.my_role.name
}
# Name of the created role.
output "name" {
  value = aws_iam_role.my_role.name
}
# Role attributes, all required.
variable "name" {
  type        = string
  description = "Name of the IAM role; also used as its Name tag."
}

variable "path" {
  type        = string
  description = "IAM path under which the role is created."
}

variable "description" {
  type        = string
  description = "Free-text description of the role."
}

variable "assume_role_policy" {
  type        = string
  description = "Trust policy document (JSON) naming the principals allowed to assume the role."
}

# The single managed policy attached to the role.
variable "policy_arn" {
  type        = string
  description = "ARN of the managed policy to attach to the role."
}
# The role; name, path, description and trust policy are caller-provided.
resource "aws_iam_role" "my_role" {
  name        = var.name
  path        = var.path
  description = var.description

  # Trust policy (JSON) supplied by the caller — it controls who can assume the role.
  assume_role_policy = var.assume_role_policy

  tags = {
    Name = var.name
  }
}
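# One attachment per ARN in var.policy_arns.
resource "aws_iam_role_policy_attachment" "policies" {
  # count must be a number, not the list itself; length() gives the element count
  # (the same form the later "mandatory" attachment uses).
  count = length(var.policy_arns)

  role       = aws_iam_role.my_role.name
  policy_arn = var.policy_arns[count.index]

  # NOTE: attachments are addressed by list position, so reordering
  # var.policy_arns moves every later ARN to a new index and replaces those
  # attachments. for_each = toset(var.policy_arns) would key them by ARN, but
  # that changes the resource addresses held in existing state.
}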
# Name of the created role.
output "name" {
  value = aws_iam_role.my_role.name
}
# Role attributes, all required.
variable "name" {
  type        = string
  description = "Name of the IAM role; also used as its Name tag."
}

variable "path" {
  type        = string
  description = "IAM path under which the role is created."
}

variable "description" {
  type        = string
  description = "Free-text description of the role."
}

variable "assume_role_policy" {
  type        = string
  description = "Trust policy document (JSON) naming the principals allowed to assume the role."
}

# Managed policies attached to the role, one attachment per ARN.
variable "policy_arns" {
  type        = list(string)
  description = "ARNs of the managed policies to attach to the role."
}
# Create the role through the generic role module; everything except the
# policy list is derived in locals rather than taken directly from the caller.
module "my_role" {
  source = "../resource_iam_role"

  name               = local.name
  path               = local.path
  description        = local.description
  assume_role_policy = local.assume_role_policy

  # Policy ARNs are the one input the caller still controls directly.
  policy_arns = var.policies
}
# The three naming inputs are concatenated (application-owner-environment)
# into the role name in locals.
variable "application" {
  type        = string
  description = "Application name; first segment of the generated role name."
}

variable "owner" {
  type        = string
  description = "Owning team or person; second segment of the generated role name."
}

variable "environment" {
  type        = string
  description = "Deployment environment; last segment of the generated role name."
}

variable "policies" {
  type        = list(string)
  description = "ARNs of the managed policies handed to the role module."
}
# Values that are fixed by this module rather than chosen by the caller.
locals {
  name        = "${var.application}-${var.owner}-${var.environment}"
  path        = "/service-role/"
  description = "EC2 role to do stuff"

  # Trust policy: only the ECS and EC2 services may assume the role.
  assume_role_policy = <<-EOF
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "sts:AssumeRole",
          "Principal": {
            "Service": ["ecs.amazonaws.com", "ec2.amazonaws.com"]
          },
          "Effect": "Allow"
        }
      ]
    }
  EOF
}
# Customer-managed IAM policy; the policy document is passed in as a string.
resource "aws_iam_policy" "policy" {
  name        = var.name
  path        = var.path
  description = var.description

  # Policy document (JSON) supplied by the caller.
  policy = var.policy
}

# ARN of the created policy, for attaching it to roles elsewhere.
output "arn" {
  value = aws_iam_policy.policy.arn
}
# Inputs of the policy module, all required.
variable "name" {
  type        = string
  description = "Name of the IAM policy."
}

variable "path" {
  type        = string
  description = "IAM path under which the policy is created."
}

variable "description" {
  type        = string
  description = "Free-text description of the policy."
}

variable "policy" {
  type        = string
  description = "Policy document (JSON) as a string."
}
# Customer-managed IAM policy whose document is loaded from a file (see locals).
resource "aws_iam_policy" "policy" {
  name        = var.name
  path        = var.path
  description = var.description
  policy      = local.policy
}

# ARN of the created policy.
output "arn" {
  value = aws_iam_policy.policy.arn
}
variable "name" {
  type        = string
  description = "Name of the IAM policy."
}

# Only input with a default: policies land at the IAM root unless told otherwise.
variable "path" {
  type        = string
  default     = "/"
  description = "IAM path under which the policy is created."
}

variable "description" {
  type        = string
  description = "Free-text description of the policy."
}

variable "policy_file" {
  type        = string
  description = "Path of the policy document (JSON) to load, relative to this module's directory."
}
locals {
  # The policy document is read at plan time from a file resolved against the
  # module directory, so the JSON is versioned next to the configuration.
  policy = file("${path.module}/${var.policy_file}")
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListBucketByTags",
"s3:ListBucket",
"s3:GetObject"
],
"Resource": "arn:aws:s3:::*"
}
]
}
# Managed policy built from the SSH access document; path keeps the module's default.
module "ssh_policy" {
  source = "../../modules/resource_iam_policy"

  name        = local.ssh_name
  description = "Policy to allow access to ssh access"
  policy_file = "../../iam_docs/access_for_ssh.json"
}
# Managed policy built from the S3 access document.
# NOTE(review): the access_to_s3.json document shown earlier (presumably this
# file) allows s3:GetObject / s3:ListBucket on "arn:aws:s3:::*"; scoping
# Resource to the specific bucket ARNs keeps roles using it to least privilege.
module "s3_policy" {
  source = "../../modules/resource_iam_policy"

  name        = local.s3_name
  description = "Policy to allow access to S3 bucket"
  policy_file = "../../iam_docs/access_to_s3.json"
}
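# Role that carries both policies created above.
module "my_role" {
  source = "../resource_iam_role"

  name = local.role_name
  path = local.role_path
  # The locals block defines this value as role_description, not description;
  # referencing the defined name avoids an undefined-local error at plan time.
  description        = local.role_description
  assume_role_policy = local.assume_role_policy
  policy_arns        = local.policies
}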
# Naming inputs; concatenated into application-owner-environment in locals.
variable "application" {
  type        = string
  description = "Application name; first segment of generated resource names."
}

variable "owner" {
  type        = string
  description = "Owning team or person; second segment of generated resource names."
}

variable "environment" {
  type        = string
  description = "Deployment environment; last segment of generated resource names."
}
# Everything the caller does not choose: derived names, fixed path and
# description, the policy set and the trust policy.
locals {
  name = "${var.application}-${var.owner}-${var.environment}"

  # Derived resource names share the common prefix above.
  role_name = "${local.name}-role"
  ssh_name  = "${local.name}-ssh_policy"
  s3_name   = "${local.name}-s3_policy"

  role_path        = "/service-role/"
  role_description = "EC2 role to do stuff"

  # The role always gets both policies created in this module.
  policies = [module.ssh_policy.arn, module.s3_policy.arn]

  # Trust policy: only the ECS and EC2 services may assume the role.
  assume_role_policy = <<-EOF
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "sts:AssumeRole",
          "Principal": {
            "Service": ["ecs.amazonaws.com", "ec2.amazonaws.com"]
          },
          "Effect": "Allow"
        }
      ]
    }
  EOF
}
# Root-level call: the caller only supplies the three naming inputs; the
# business-logic module decides everything else.
module "iams" {
  source = "../modules/bl_iams"

  application = var.application
  owner       = var.owner
  # NOTE(review): var.env must be declared in this root module — its declaration is not shown here.
  environment = var.env
}
# The role; name, path, description and trust policy are caller-provided.
resource "aws_iam_role" "my_role" {
  name        = var.name
  path        = var.path
  description = var.description

  # Trust policy (JSON) supplied by the caller — it controls who can assume the role.
  assume_role_policy = var.assume_role_policy

  tags = {
    Name = var.name
  }
}
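# Caller-chosen policies: one attachment per ARN in var.policy_arns.
resource "aws_iam_role_policy_attachment" "policies" {
  # count must be a number, not the list itself; length() gives the element
  # count, matching the "mandatory" attachment below.
  count = length(var.policy_arns)

  role       = aws_iam_role.my_role.name
  policy_arn = var.policy_arns[count.index]

  # NOTE: attachments are addressed by list position, so reordering
  # var.policy_arns replaces the attachments whose index shifted.
}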
# Baseline policies every role from this module receives, independent of what
# the caller passes in var.policy_arns (see local.mandatory_policies).
resource "aws_iam_role_policy_attachment" "mandatory" {
  count = length(local.mandatory_policies)

  policy_arn = local.mandatory_policies[count.index]
  role       = aws_iam_role.my_role.name
}
# Name of the created role.
output "name" {
  value = aws_iam_role.my_role.name
}
# Role attributes, all required.
variable "name" {
  type        = string
  description = "Name of the IAM role; also used as its Name tag."
}

variable "path" {
  type        = string
  description = "IAM path under which the role is created."
}

variable "description" {
  type        = string
  description = "Free-text description of the role."
}

variable "assume_role_policy" {
  type        = string
  description = "Trust policy document (JSON) naming the principals allowed to assume the role."
}

# Caller-chosen policies; the module adds its mandatory ones on top.
variable "policy_arns" {
  type        = list(string)
  description = "ARNs of additional managed policies to attach to the role."
}
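locals {
  # Current account id, used to build ARNs for the account-wide baseline policies.
  # Needs a `data "aws_caller_identity" "current" {}` block in this module (not shown here).
  account_id = data.aws_caller_identity.current.account_id

  # Policies attached to every role this module creates, regardless of what the
  # caller passes in var.policy_arns.
  mandatory_policies = [
    "arn:aws:iam::${local.account_id}:policy/global-policy-1",
    "arn:aws:iam::${local.account_id}:policy/global-policy-2"
  ]
}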
# Naming inputs; combined into application-owner-environment[-sub_env] in locals.
variable "application" {
  type        = string
  description = "Application name; first segment of generated resource names."
}

variable "owner" {
  type        = string
  description = "Owning team or person; second segment of generated resource names."
}

variable "environment" {
  type        = string
  description = "Deployment environment."
}

variable "sub_env" {
  type        = string
  description = "Optional sub-environment suffix; pass an empty string for none."
}
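# Everything the caller does not choose: derived names, fixed path and
# description, the policy set and the trust policy.
locals {
  # Environment label, with the sub-environment appended only when one is given.
  # Both branches of the conditional must be strings; the closing quotes were
  # missing around them before, which does not parse.
  env = length(var.sub_env) > 0 ? "${var.environment}-${var.sub_env}" : var.environment

  name = "${var.application}-${var.owner}-${local.env}"

  # Derived resource names share the common prefix above.
  role_name = "${local.name}-role"
  ssh_name  = "${local.name}-ssh_policy"
  s3_name   = "${local.name}-s3_policy"

  role_path        = "/service-role/"
  role_description = "EC2 role to do stuff"

  # The role always gets both policies created in this module.
  policies = [module.ssh_policy.arn, module.s3_policy.arn]

  # Trust policy: only the ECS and EC2 services may assume the role.
  assume_role_policy = <<-EOF
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "sts:AssumeRole",
          "Principal": {
            "Service": ["ecs.amazonaws.com", "ec2.amazonaws.com"]
          },
          "Effect": "Allow"
        }
      ]
    }
  EOF
}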
